With just a glance, Face ID can unlock Apple's new iPhone X, giving owners a new authentication paradigm for the first time since the arrival of Touch ID with the iPhone 5. Face ID – that's Apple's name for the technology – uses a complex front-facing camera system and accompanying software to unlock the iPhone and authenticate purchases and payments with a mere glance.

The futuristic-seeming tech is one of the iPhone X's main selling points, along with its "Super Retina" OLED screen, slimmer, bezel-less form factor and improved camera. But it also raises questions about whether the technology is as easy and secure to use as the tried-and-true fingerprint-based Touch ID.

Before Face ID, the gold standard was Touch ID

When reports began picking up steam this year that Apple would release an iPhone without Touch ID – the Home button-based authentication method that's been around since 2013 – longtime Apple users were wary. Touch ID, which was updated with an even faster sensor in 2015, has become second-nature to iPhone (and iPad) owners when it comes to unlocking their phones and tablets and when making Apple Pay payments.

Apple

Touch ID is a classic piece of Apple tech: It just works. It's simple to set up and easy to use – just place a finger on the sensor to unlock your device. Since its arrival, Touch ID has played no role in any major security breaches and has helped advance the move to mobile payments.

Apple called it the gold standard for authentication, which explains why it's included on all modern iPhones and iPads, including the new iPhone 8 and 8 Plus. With a solid track record and a 1-in-50,000 possibility that someone else's fingerprint matches your own, why phase it out now?

It comes down to form and function: The iPhone X's new OLED display (form), which takes up the whole front of the phone, and the arrival of an even easier-to-use and secure authentication method (function).

Face ID is Apple's latest move to make security and authentication as convenient as possible. Touch ID is active, requiring that you physically touch a sensor; Face ID is passive, requiring only that you glance at the phone. Facial recognition technology isn't even new. It's been used on Samsung devices for several years now.

What is new is Apple's implementation. Samsung's version of facial recognition can be defeated with a photograph; Face ID promises to be much smarter than that.

How Face ID works

The iPhone X's "notch" – the dark strip at the top of the display – actually houses a variety of sensors, including the new True Depth camera system. This includes an infrared camera, a flood illuminator, a regular camera and a dot projector. The flood illuminator shines infrared light at your face, which allows the system to detect whoever is in front of the iPhone, even in low-light situations or if the person is wearing glasses (or a hat). Then the dot projector shines more than 30,000 pin-points of light onto your face, building a depth map that can be read by the infrared camera.

Apple

Face ID being set up.

It's all analyzed by the custom Apple A11 "Bionic" chipset and compared against data in the Secure Enclave on the phone. (Apple stresses that face data never leaves the iPhone X and is never backed up anywhere, even on its own iCloud servers.)

This method of authentication happens in milliseconds, which is as close to real-time as you can get.

There are a few tricks to the system designed to bolster security: your eyes must be open, so another person can't unlock your phone by pointing it your face while you sleep. And your attention must be on the device for it to register a successful scan. You must be looking at the display for Face ID to work.

Teaching Face ID to work

Apple's Face ID system uses Apple's Machine Learning algorithms and a "Neural engine" hardware component built into the A11 processor to analyze and recognize your face. This includes keeping up to date with changing appearances, such as when you're growing a beard or wearing sunglasses. (The infrared light can see through those sunglasses to detect your gaze, and the system will still recognize you if enough data points match.)

What is a neural engine? It's a custom-designed, dual-core chip specifically made to crunch data, identifying people, places and objects without affecting the phone's primary CPU. In addition to powering Face ID, this custom hardware lets Photos identify your friends, the places you've visited, the things you've taken pictures of and it powers the fun, new Animoji feature.

It's also important to note that apps that can now be unlocked an accessed using Touch ID will be accessible using Face ID.

How secure is Face ID?

Face ID analyzes your features in real-time, processing more data points - 30,000 of them - than Touch ID measures when scanning a fingerprint. Apple worked to make sure the system can't be spoofed by photographs and worked with Hollywood mask-makers to ensure even elaborate masks won't defeat the system. (This PDF from Apple has more granular detail about how Face ID works.)

As a result, according to Apple, the chance a random person can unlock your phone using their face is 1 in a million; it's 1 in 50,000 for Touch ID. But there is a caveat. If you have a twin, or know someone with a close genetic relationship with you, or you're under the age of 13, Face ID authentication has a higher probability of being broken. This doesn't mean it will be broken – just that the probabilities change under these conditions.

For most users post-puberty who don't have a doppelgänger walking around, Face ID should be more than secure enough for their needs.

The important thing to remember is that Face ID and Touch ID are more about convenience and design than security. Apple does its best ensure your bio data is difficult to crack, but your best security is still a strong password (or a long passphrase). If someone can pick up your iPhone and guess your password by the cute puppy wallpaper showing Fluffy's name on the collar, all of the encryption and enhanced security algorithms in the world won't help. Your password will always remain the biggest point of weakness on a mobile device that's fallen into the wrong hands. So it's best to make it a strong one.

As it did with Touch ID, Apple has included an option to bypass Face ID and require a password to successfully can unlock the iPhone X. To disable Face ID on the fly, hold down the side and volume down buttons at the same time for a few seconds (essentially, "squeezing" the iPhone).

According to Apple's Face ID PDF, a passcode is still required under these circumstances:

The device has just been turned on or restarted.

The device hasn't been unlocked for more than 48 hours.

The passcode hasn't been used to unlock the device in the last 156 hours (six and a half days) and Face ID has not unlocked the device in the last 4 hours.

The device has received a remote lock command.

After five unsuccessful attempts to match a face.

After initiating power off/Emergency SOS by pressing and holding either volume button and the side button simultaneously for 2 seconds.

Face ID in the future

Apple tends to release ground-breaking technologies that eventually spread throughout its line-up and are soon adopted industry-wide. There's already speculation about Face ID showing up in next year's iPads and less-expensive iPhone models.

Face ID is clearly an important part of the future for Apple's mobile devices. It's one of the reasons CEO Tim Cook hailed the iPhone X as setting the pace for iPhones for the next 10 years. And it shows that Apple's efforts to innovate and outpace its competition should keep it a technological trendsetter for years to come.

Michael deAgonia, a contributing writer for Computerworld, is a computer consultant and technology geek who has been working on computers since 1993, with an emphasis on Macs, macOS, and iOS. For more Apple insights, follow him on Twitter.